Attackers are increasingly going after enterprise’s Active Directory (AD) credentials, accounts, and associated access or data, on-premises and in the cloud, to advance their attacks.
Organizations currently lack awareness of exposures and entitlements within their AD infrastructure. This lack of visibility makes it difficult to know what kind of identity-based risks and entitlement exposures resulting from misconfigurations, policies, settings, or overly permissive provisioning they face, or what risk can become a vulnerability for attackers to target.
While a new class of AD security assessment and analysis products has emerged in response, their capabilities vary. Security teams will need to carefully evaluate solutions to ensure that they meet their requirements. While these requirements will vary, we have compiled the following questions to help you start evaluating a solution.